CVE-2010-20113
high-risk
Published 2025-08-21
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
Do I need to act?
!
62.7% chance of exploitation in next 30 days
EPSS score — higher than 37% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (5)
Third Party Advisory
https://www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overf...
56
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
19/34 · Moderate
Exposure
5/34 · Minimal